1. Field of the Disclosure
The field of the disclosure relates generally to information security training, and, more particularly, to phishing awareness training.
2. Description of the Related Art
Social engineering attacks, such as phishing, constitute a common threat to organization's information technology (IT) enterprise systems and data. Phishing attacks target individual users and seek to exploit them as the weakest link in the information security chain.
Conventional information security training consists of static presentations or test events that are exercised on a periodic basis (i.e., annually, quarterly, or monthly). However, given that attack methodologies are constantly evolving, information security threats quickly outpace the level of conventional training. This is especially true in the social engineering attack context. Accordingly, what is needed is more sophisticated information security training to better protect organizations and their data from these ever-evolving threats.
Traditional training techniques, such as annual data security training, are not targeted to susceptible users and fail to provide a consistent level of user awareness of security threats such as social engineering attacks. Accordingly, what is needed are systems and methods for providing a consistent level of user awareness and exploitation of a “teachable moment” operand conditioning in order to provide focused training for susceptible users.